Got an S3 bucket but don't know who is the owner?
Use the below command to check the bucket owner
aws s3api get-bucket-acl --bucket bucket-name
#bugbountytip #bugbountytips #infosec #AWS
#BurpHacksForBounties - Day 7/30
Macro: A recorded session in Burp Suite
Part 1: What, How & Why?
Part 2: How to use to automate testing?
#infosec #ppsec #bugbounty #bugbountytips #security #burp
2/n
Click Add and the proxy tab will open.
Send the requests you want to record.
Click OK.
The macro will be recorded; give it a fancy name.
3/n
Use Macro with sessions.
For all in-scope URLs now, this macro under sessions will run prior to each request.
n/n
Use cases
- Sites having custom login.
- Useful in writing extender plugins.
- IDOR testing.
Tomorrow we will see how we can automate testing with Macro and burp.
#BurpHacksForBounties - Day 8/30
Burp Suite Automation through Macros and Using macros in creating sessions for APIs and protected resources.
#infosec #appsec #burp #security #bugbountytips #bugbounty
Create Macros for burp as discussed in previous tweet.
#BurpHacksForBounties - Day 7
Once created, add it as session and set the scope. For demo, I am adding all URLs as Scope.
Now all the requests mentioned in Tools scope will be Macro processed.
Use Tracer to debug macro
🚨🚨🤓 #BurpHacksForBounties - Day 9/30
Following parameter in Burp Suite repeater's response.
A time-saver tip that I read from @sw33tLie's reply in the thread by @codingo_
👇🔽⬇️
#security #appsec #burp #bugbountytips #bugbountytip
When you are playing with a parameter in the repeater tab and its value gets reflected in the response, you can enable this toggle when you have to scroll to see what has changed...a true time-saver!
How to? See the image below.
Zero-day / CVE-2021-35211
SolarWinds 2.0: Serv-U Remote Memory Escape Vulnerability. The said vulnerability was reported to SolarWinds by the Microsoft security team and is under active exploitation.
This security vulnerability only affects Serv-U Managed File Transfer and Serv-U Secure FTP and does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211
Labs for Web application Pentesting Practice
SQLi: https://github.com/Audi-1/sqli-labs
Oauth 2.0: https://github.com/koenbuyens/Vulnerable-OAuth-2.0-Applications
GraphQL: https://github.com/david3107/graphql-security-labs
JWT Authentication: https://github.com/Sjord/jwtdemo
SAML Authentication: https://github.com/yogisec/VulnerableSAMLApp
XSS: https://portswigger.net/web-security/cross-site-scripting
#bugbounty
GitHub - Audi-1/sqli-labs: SQLI labs to test error based, Blind boolean based, Time based.
Huntkit - Docker Image For Pentesting, Bug Bounty, CTF and Red Teaming
https://github.com/mcnamee/huntkit
#Metasploit #masscan #Exploitation #BugBounty #RedTeaming #CTF
GitHub - mcnamee/huntkit: Docker - Ubuntu with a bunch of PenTesting tools and wordlists